Commit f3deae79 authored by Francesco Colista's avatar Francesco Colista

main/libtasn1: security fix for CVE-2017-6891. Fixes #7329

parent fcc2d0a8
......@@ -2,7 +2,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=libtasn1
pkgver=4.9
pkgrel=0
pkgrel=1
pkgdesc="The ASN.1 library used in GNUTLS"
url="http://www.gnu.org/software/gnutls/"
arch="all"
......@@ -11,9 +11,14 @@ depends=
makedepends="texinfo"
install=
subpackages="$pkgname-dev $pkgname-doc"
source="ftp://ftp.gnu.org/gnu/$pkgname/$pkgname-$pkgver.tar.gz"
source="ftp://ftp.gnu.org/gnu/$pkgname/$pkgname-$pkgver.tar.gz
CVE-2017-6891.patch"
builddir="$srcdir/$pkgname-$pkgver"
# secfixes:
# 4.9-r1:
# - CVE-2017-6891
builddir="$srcdir"/$pkgname-$pkgver
build() {
cd "$builddir"
CFLAGS="-Wno-error=inline" ./configure \
......@@ -32,6 +37,5 @@ package() {
make DESTDIR="$pkgdir" install || return 1
}
md5sums="3018d0f466a32b66dde41bb122e6cab6 libtasn1-4.9.tar.gz"
sha256sums="4f6f7a8fd691ac2b8307c8ca365bad711db607d4ad5966f6938a9d2ecd65c920 libtasn1-4.9.tar.gz"
sha512sums="1fb2c5eb89f3e9abd8f7433342619e3d89576ed15a783b8152ed9da0383342f80e750c570733ac266bc8a3c4b23e5e2a57e3735b2341d507e7d88ac366a8d6e7 libtasn1-4.9.tar.gz"
sha512sums="1fb2c5eb89f3e9abd8f7433342619e3d89576ed15a783b8152ed9da0383342f80e750c570733ac266bc8a3c4b23e5e2a57e3735b2341d507e7d88ac366a8d6e7 libtasn1-4.9.tar.gz
82972045d29afe8b4a4e240ae45e6417de46f1057ba48026ba5ed5679054dbc469194a34ede9007925bf7bfbc91c93f31aafc1dcdac8ffc4d8c0798e08c7f880 CVE-2017-6891.patch"
From 5520704d075802df25ce4ffccc010ba1641bd484 Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date: Thu, 18 May 2017 18:03:34 +0200
Subject: [PATCH] asn1_find_node: added safety check on asn1_find_node()
This prevents a stack overflow in asn1_find_node() which
is triggered by too long variable names in the definitions
files. That means that applications have to deliberately
pass a too long 'name' constant to asn1_write_value()
and friends. Reported by Jakub Jirasek.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
---
lib/parser_aux.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/lib/parser_aux.c b/lib/parser_aux.c
index b4a7370..976ab38 100644
--- a/lib/parser_aux.c
+++ b/lib/parser_aux.c
@@ -120,6 +120,9 @@ asn1_find_node (asn1_node pointer, const char *name)
if (n_end)
{
nsize = n_end - n_start;
+ if (nsize >= sizeof(n))
+ return NULL;
+
memcpy (n, n_start, nsize);
n[nsize] = 0;
n_start = n_end;
@@ -158,6 +161,9 @@ asn1_find_node (asn1_node pointer, const char *name)
if (n_end)
{
nsize = n_end - n_start;
+ if (nsize >= sizeof(n))
+ return NULL;
+
memcpy (n, n_start, nsize);
n[nsize] = 0;
n_start = n_end;
--
1.9.1
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment